The Mac Hacker's Handbook by Dino Dai Zovi, Charlie Miller

Chapter 8

Exploiting Heap Overflows

Heap buffer overflow vulnerabilities are typically no more difficult to identify in source code than are stack buffer overflows, and their exploitation is proving to be as well understood as the exploitation of stack buffer overflow vulnerabilities. In rich applications, such as network servers and web browsers, where the remote attacker can influence heap allocation, skillful heap manipulation is extremely important for crafting reliable exploits, and a good understanding of how the heap works is crucial to being able to perform useful heap manipulations. In this chapter we will dissect the default Mac OS X heap implementation and describe how an attacker may manipulate it to exploit heap buffer overflows reliably.

The Heap

The heap is a memory management facility used to support dynamically allocated memory. Chapter 7, “Exploiting Stack Overflows,” described the stack, which is used for automatically allocated memory, typically for local function variables. Memory for a function’s local variables is automatically allocated on the stack when the function is called and automatically freed when the function returns. Memory allocated from the heap, by contrast, is freed only when the program explicitly requests it. The heap is used to implement dynamic memory management in C, C++, and Objective-C using malloc()/free(), new/delete, and alloc/release, respectively.

Mac OS X allows the heap allocator implementation to be chosen dynamically. ...
